Vulnerability Description
The automountd service, when enabled or running, allowed a local attacker to execute arbitrary commands with root privileges by exploiting automatic mount options. This misconfiguration led to local privilege escalation.
id: linux-automountd-enabled

info:
  name: Automountd Service Enabled
  author: songyaeji
  severity: medium
  description: |
    The automountd service, when enabled or running, allowed a local attacker to execute arbitrary commands with root privileges by exploiting automatic mount options. This misconfiguration led to local privilege escalation.
  reference:
    - https://isms.kisa.or.kr
  metadata:
    verified: true
  tags: local,linux,privesc,kisa

self-contained: true

code:
  - engine:
      - sh
      - bash
    source: |
      whoami
  - engine:
      - sh
      - bash
    source: |
      if pgrep -x "automountd" > /dev/null; then
        echo "[VULNERABLE] automountd service is running"
      else
        echo "[SAFE] automountd service is not running"
      fi
    matchers-condition: and
    matchers:
      - type: word
        part: response
        words:
          - "root"
        negative: true
      - type: word
        part: response
        words:
          - "[VULNERABLE]"
# digest: 4a0a0047304502203bae281737c0bf4a782527ac4b1f087046778d156478e8942e0f62bc57de275602210080d389c9fdfcdb96b3290985fcbba51ad85076327ed6aabd5af318ba4dc0f0e2:922c64590222798bb761d5b6d8e72950